Ethermint fixes a vulnerability that could have cost tens of millions of dollars

The Ethermint protocol developers from the Cosmos ecosystem have fixed a critical vulnerability. The bug, detected by crypto-trading firm Jump Crypto, could have led to eight-figure losses in dollars, they told CoinDesk.

The Tendermint and ChainSafe Systems teams launched Ethermint in 2020. The solution enables Ethereum smart contracts to run within the Cosmos environment and is deployed in networks such as Cronos, Kava, and Canto.

The discovered bug could bypass certain contract-processing functions, allowing users to avoid paying gas fees and leading to a denial of service.

After being alerted by Jump Crypto, developers from Evmos Core and Cronos worked with the firm’s experts. They implemented a code fix that neutralised the attack vector.

There was no evidence of malicious exploitation. The Cronos team paid the trading firm Jump Crypto a $25,000 bounty for discovering the bug.

In March, Verichains researchers disclosed several critical vulnerabilities in the Tendermint protocol.